x509-verify.cpp

Timestamp:

May 14, 2020 5:40:35 PM (5 years ago)

Author:

vboxsync

Message:

IPRT/crypto: Adding RTAsn1EncodeQueryRawBits to deal with getting encoded bytes cheaply if possible and always safely. Fixed another place using RTASN1CORE_GET_RAW_ASN1_PTR and assuming input was decoded and had valid data pointers. Added RTCrStoreCertAddPkcs7 and RTCrStoreCertAddX509 for more conveniently adding decoded certs to stores. Added RTCRPKCS7VERIFY_SD_F_TRUST_ALL_CERTS to the PKCS7 verification code. Added RTCrPkcs7_ReadFromBuffer. bugref:9699

File:

: 1 edited

trunk/src/VBox/Runtime/common/crypto/x509-verify.cpp (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/src/VBox/Runtime/common/crypto/x509-verify.cpp

-              r82968
+              r84310
      * encoded bits are missing.
      */
+    if (   pThis->TbsCertificate.SeqCore.Asn1Core.uData.pu8
+        && pThis->TbsCertificate.SeqCore.Asn1Core.cb > 0)
+    const uint8_t  *pbRaw;
+    uint32_t        cbRaw;
+    void           *pvFree = NULL;
+    rc = RTAsn1EncodeQueryRawBits(RTCrX509TbsCertificate_GetAsn1Core(&pThis->TbsCertificate), &pbRaw, &cbRaw, &pvFree, pErrInfo);
+    if (RT_SUCCESS(rc))
+    {
         rc = RTCrPkixPubKeyVerifySignature(&pThis->SignatureAlgorithm.Algorithm, hPubKey, pParameters, &pThis->SignatureValue,
+                                           RTASN1CORE_GET_RAW_ASN1_PTR(&pThis->TbsCertificate.SeqCore.Asn1Core),
+                                           RTASN1CORE_GET_RAW_ASN1_SIZE(&pThis->TbsCertificate.SeqCore.Asn1Core),
+                                           pErrInfo);
+    else
+    {
+        uint32_t cbEncoded;
+        rc = RTAsn1EncodePrepare((PRTASN1CORE)&pThis->TbsCertificate.SeqCore.Asn1Core, RTASN1ENCODE_F_DER, &cbEncoded, pErrInfo);
+        if (RT_SUCCESS(rc))
+        {
+            void *pvTbsBits = RTMemTmpAlloc(cbEncoded);
+            if (pvTbsBits)
+            {
+                rc = RTAsn1EncodeToBuffer(&pThis->TbsCertificate.SeqCore.Asn1Core, RTASN1ENCODE_F_DER,
+                                          pvTbsBits, cbEncoded, pErrInfo);
+                if (RT_SUCCESS(rc))
+                    rc = RTCrPkixPubKeyVerifySignature(&pThis->SignatureAlgorithm.Algorithm, hPubKey, pParameters,
+                                                       &pThis->SignatureValue, pvTbsBits, cbEncoded, pErrInfo);
+                else
+                    AssertRC(rc);
+                RTMemTmpFree(pvTbsBits);
+            }
+            else
+                rc = VERR_NO_TMP_MEMORY;
+        }
+                                           pbRaw, cbRaw, pErrInfo);
+        RTMemTmpFree(pvFree);
+    }

Note: See TracChangeset for help on using the changeset viewer.

Changeset 84310 in vbox for trunk/src/VBox/Runtime/common/crypto/x509-verify.cpp

Legend:

trunk/src/VBox/Runtime/common/crypto/x509-verify.cpp

Download in other formats: